Definition
UPnP (Universal Plug and Play) is a set of network protocols that lets devices and applications on a local network discover one another and, through the router's Internet Gateway Device (IGD) service, open and close port forwardings on their own. It requires zero configuration: you add a new device to your network and it sets up the connections it needs automatically.
The problem is that UPnP, as shipped on most home routers, has no authentication: any host on the LAN, including malware on a laptop or a script running in a browser, can ask the router to forward a port, and the router complies without checking who is asking. Some routers even answer UPnP requests arriving on their internet-facing side. An attacker who gets a port opened this way reaches services that were only ever meant for the LAN, and from there can steal sensitive data or plant malware on your devices.
Actual UPnP Use Cases
- Gaming: consoles use UPnP to open the ports that multiplayer games need for peer-to-peer sessions (the "open" NAT type a console reports).
- Internet of Things (IoT) devices: thermostats, smart lighting and similar products use it to become reachable from the vendor's app or cloud service without the owner touching the router.
- Online streaming TV devices: Apple TV, Android TV, Roku sticks and similar boxes rely on network discovery to find, and be found by, phones and other devices on the LAN for casting and media sharing.
- Remote work: scanners, wireless printers and other home office devices advertise themselves on the network so that laptops find them without manual setup.
Preventing UPnP Exploits
- Enable UPnP-UP (UPnP User Profile), an extension that adds authentication and authorization to UPnP requests. Few routers and devices implement it, so check support before relying on it.
- Disable UPnP on the router entirely and create any port forwardings new devices need by hand. This offers the highest level of security at the cost of convenience. After disabling it, confirm from a LAN host that the router no longer answers SSDP discovery queries, and review the router's port forwarding table for mappings that were created while UPnP was still on.
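The following script is an added example, not code from the original article. It makes the "no authentication" point from the Definition section concrete by building, step by step, the three unauthenticated messages a LAN host uses to open a port on a UPnP router (SSDP discovery, fetching the device description, and the AddPortMapping SOAP call), and it implements the check recommended above: walking the router's port mapping table with GetGenericPortMappingEntry and flagging mappings the owner did not create. The router address 192.168.1.1, the control URL /ctl/IPConn and every reply shown are constructed samples, so the script runs offline and sends nothing.

```python
"""UPnP IGD audit helper. Added example; not code from the original article.
Shows why UPnP "does not utilize authentication": every message a LAN host needs to
open a port on the router is plain text any process can send. Also builds the
defensive counterpart: enumerate the router's port mappings and flag any the
administrator did not create. All samples are constructed (assumed router
192.168.1.1, assumed control URL /ctl/IPConn); nothing is sent on the network."""
from __future__ import annotations
import re

SSDP_HOST = "239.255.255.250:1900"
IGD_ST = "urn:schemas-upnp-org:device:InternetGatewayDevice:1"
WANIP = "urn:schemas-upnp-org:service:WANIPConnection:1"


def build_msearch(st: str = IGD_ST, mx: int = 2) -> bytes:
    """Step 1: SSDP discovery, a multicast UDP datagram with no credentials."""
    return (f"M-SEARCH * HTTP/1.1\r\nHOST: {SSDP_HOST}\r\nMAN: \"ssdp:discover\"\r\n"
            f"MX: {mx}\r\nST: {st}\r\n\r\n").encode()

def parse_ssdp_response(data: bytes) -> dict:
    """Headers of an SSDP 200 OK reply; LOCATION points at the device description XML."""
    lines = data.decode(errors="replace").split("\r\n")
    if not lines[0].startswith("HTTP/1.1 200"):
        raise ValueError("not an SSDP 200 response")
    return {k.strip().lower(): v.strip()
            for k, v in (h.split(":", 1) for h in lines[1:] if ":" in h)}

def find_control_url(description_xml: str, service_type: str = WANIP) -> str:
    """Step 2: locate the WANIPConnection controlURL in the device description."""
    for block in re.findall(r"<service>(.*?)</service>", description_xml, re.S):
        if service_type in block:
            m = re.search(r"<controlURL>(.*?)</controlURL>", block, re.S)
            if m:
                return m.group(1).strip()
    raise ValueError("no WANIPConnection service advertised")

def soap_request(action: str, args: dict, service_type: str = WANIP) -> tuple[dict, str]:
    """Step 3: a UPnP SOAP call. Only the SOAPAction header and the body select the action."""
    body = "".join(f"<{k}>{v}</{k}>" for k, v in args.items())
    envelope = ('<?xml version="1.0"?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"'
                ' s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body>'
                f'<u:{action} xmlns:u="{service_type}">{body}</u:{action}></s:Body></s:Envelope>')
    return {"Content-Type": 'text/xml; charset="utf-8"',
            "SOAPAction": f'"{service_type}#{action}"'}, envelope

def add_port_mapping(ext_port: int, int_host: str, int_port: int, proto: str = "TCP",
                     desc: str = "example", lease: int = 0) -> tuple[dict, str]:
    """The request a console, an IoT device, or malware sends to expose a LAN port on the WAN."""
    return soap_request("AddPortMapping", {
        "NewRemoteHost": "", "NewExternalPort": ext_port, "NewProtocol": proto,
        "NewInternalPort": int_port, "NewInternalClient": int_host, "NewEnabled": 1,
        "NewPortMappingDescription": desc, "NewLeaseDuration": lease})

def parse_mapping_entry(response_xml: str) -> dict | None:
    """Parse a GetGenericPortMappingEntry reply; None once the index runs past the table (UPnP error 713)."""
    if "<errorCode>713</errorCode>" in response_xml:
        return None
    fields = ("NewRemoteHost", "NewExternalPort", "NewProtocol", "NewInternalPort",
              "NewInternalClient", "NewEnabled", "NewPortMappingDescription", "NewLeaseDuration")
    return {f: (m.group(1).strip() if (m := re.search(rf"<{f}>(.*?)</{f}>", response_xml, re.S)) else "")
            for f in fields}

def audit_mappings(replies: list[str], allowed: set[tuple]) -> list[dict]:
    """Replies for index 0, 1, 2, ... until error 713; return mappings not on the allow-list."""
    flagged = []
    for reply in replies:
        entry = parse_mapping_entry(reply)
        if entry is None:
            break
        key = (entry["NewProtocol"], int(entry["NewExternalPort"]),
               entry["NewInternalClient"], int(entry["NewInternalPort"]))
        if key not in allowed:
            flagged.append(entry)
    return flagged

# Constructed samples, not captured from a real router.
SAMPLE_SSDP = (b"HTTP/1.1 200 OK\r\nCACHE-CONTROL: max-age=120\r\nST: " + IGD_ST.encode() +
               b"\r\nLOCATION: http://192.168.1.1:5000/rootDesc.xml\r\nSERVER: UPnP/1.0\r\n\r\n")
SAMPLE_DESC = (f"<root><device><serviceList><service><serviceType>{WANIP}</serviceType>"
               "<controlURL>/ctl/IPConn</controlURL></service></serviceList></device></root>")

def _entry_reply(ext: int, proto: str, int_port: int, host: str, desc: str) -> str:
    return (f'<s:Envelope><s:Body><u:GetGenericPortMappingEntryResponse xmlns:u="{WANIP}">'
            f"<NewRemoteHost></NewRemoteHost><NewExternalPort>{ext}</NewExternalPort>"
            f"<NewProtocol>{proto}</NewProtocol><NewInternalPort>{int_port}</NewInternalPort>"
            f"<NewInternalClient>{host}</NewInternalClient><NewEnabled>1</NewEnabled>"
            f"<NewPortMappingDescription>{desc}</NewPortMappingDescription><NewLeaseDuration>0"
            "</NewLeaseDuration></u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>")

SAMPLE_REPLIES = [
    _entry_reply(3074, "UDP", 3074, "192.168.1.20", "Xbox"),
    _entry_reply(50123, "TCP", 445, "192.168.1.30", ""),  # SMB on the WAN: nobody asked for this
    '<s:Envelope><s:Body><s:Fault><detail><UPnPError><errorCode>713</errorCode>'
    "</UPnPError></detail></s:Fault></s:Body></s:Envelope>",
]
ALLOWED = {("UDP", 3074, "192.168.1.20", 3074)}  # mappings the owner set up on purpose

if __name__ == "__main__":
    print("description:", parse_ssdp_response(SAMPLE_SSDP)["location"],
          "control URL:", find_control_url(SAMPLE_DESC))
    print("SOAPAction:", add_port_mapping(50123, "192.168.1.30", 445)[0]["SOAPAction"])
    for e in audit_mappings(SAMPLE_REPLIES, ALLOWED):
        print("UNEXPECTED:", e["NewProtocol"], e["NewExternalPort"], "->",
              e["NewInternalClient"], e["NewInternalPort"])
```

Against a real router you would send `build_msearch()` over UDP to 239.255.255.250:1900, GET the LOCATION URL, POST each SOAP body to the control URL with the returned headers, and feed the GetGenericPortMappingEntry replies for index 0, 1, 2, ... into `audit_mappings`. Note that not one of those steps asks for a password: that is the whole security problem, and it is why a forwarding to port 445 of a LAN host can appear in the table without anyone having logged in to the router.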
Examples of UPnP Attacks
- Flash UPnP: first described in 2008, this attack needs no user interaction beyond loading a web page that contains a malicious SWF file. The Flash object silently sends UPnP SOAP requests from the browser to the victim's router, which obligingly adds port forwardings and exposes the victim's machine to the internet. Keeping a host firewall up to date reduces the damage, since a forwarded port only matters if something on the host accepts the connection; disabling UPnP on the router stops the attack outright.
- Mirai botnet attack: in 2016, attackers built a botnet from a large number of IoT devices (mostly CCTV cameras and DVRs) by brute-forcing default Telnet credentials. Many of those devices were reachable from the internet only because UPnP port mappings had exposed them. The resulting DDoS attacks were so large that one of them, against the DNS provider Dyn, cut off access to major websites across much of the US East Coast.
- Pinkslipbot attacks: this banking Trojan, also known as QBot or QakBot, was first seen in the late 2000s and uses UPnP as part of its infrastructure. On infected home machines it opens ports on the router through UPnP and turns those machines into HTTP-based proxies for its command-and-control servers, hiding where the real servers are. Pinkslipbot steals banking credentials with password stealers and man-in-the-browser attacks against financial institutions' sites.